Last week I was asked by some of my social media acquaintances to be a panelist on a end of the day keynote at the Online Marketing Summit (OMS) held in Cleveland, OH. The first thing you are probably wondering is “What the hell is a security guy doing at a marketing conference”? Let me explain. This isn’t the first time I have done something like this and it probably won’t be the last. Read on.
In many companies the marketing, public relations, HR and other “business” functions really don’t want anything to do with security. It’s true. We always get in the way by stopping money making and/or great marketing ideas with phrases like “If you do that…the hax0rs are going to pwn us!” or “No you can’t, that’s against our security policy. Go away now.” Unfortunately, all it takes is one bad experience from the “security people” and they won’t want to work with you ever again. I’ve seen it happen many times and I’ve even been “that evil security guy” at various times in my career.
It’s because of this bull headed attitude that these departments start finding ways around your policies, procedures, website blocking and more. Why? Because security people are increasingly impossible to deal with. Too much red tape, policies, rules and most of all…lack of communication. That’s right, I said it. Lack of good communication. When was the last time you talked to these people in your company? When was the last time you offered to help them with a compromise or solution rather then saying no? This might be a shock to some of you but these are the people helping make the business money. All of us in security are just an extra expense to the business. Don’t make our jobs harder! Here are three steps to help communicate to these people better:
1. Get out of your shell
We love to hang out and network at security conferences and user groups. It makes sense because we are comfortable around our own people. However, take a step back and think about what the “business needs” for a minute. You are there to help the business succeed. So go out and help them! One way to do this is to attend a marketing conference. Seriously. You get to meet and talk to people that want to help the business make money and know how to do it. You also get to learn what the business wants. This will get you thinking about how you as the “security person” can help make that happen while keeping the business and its information safe.
2. Learn something new
What does marketing have to do with security? All kinds of things! SEO, blogging, social networking, social media, brand reputation, monitoring and more. These are hot topics right now and there are serious security and privacy issues to be concidered. You need to be involved! The best way to do this is to attend their conferences, read their blogs and communicate. One good way to get involved is to look for a local social media club in your area. We have a great one in Cleveland and there are others in cities all over the US and probably the world. Attend, learn and network. It can only benefit you and your company. Same goes if you are a consultant. Meeting marketing people is a great way to get new business because they usually have a direct line to upper management at a company. They will also be so impressed that a security person actually took the time to show up to a marketing conference…they might call upper management for you. 🙂
3. Teach and Educate
We have all “beaten the horse to death” regarding security awareness. Many in security say it doesn’t work and is a hopeless battle. While there is no patch for human stupidity, you still need to make an effort. If anything, by you as the “security person” showing up at the marketing departments monthly meeting it shows that security wants to be involved with what they are doing. This alone says volumes! Especially to management of those groups. Get out there and explain why you have certain policies, how the security team functions or better yet…how you can help them market the business and do it securely.